3 matches found
GHSA-HVV7-HFRH-7GXJ Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
Summary Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by HasPermission, but the WebSocket stream treats the presence of any authenticated user ...
Liner Insecure Direct Object Reference / Brute Force
Liner is a reliable AI search engine with over 10 million users worldwide. It is vulnerable to an insecure direct object reference vulnerability. Conversation histories for all users are stored on the server. However, Liner's server does not distinguish the ownership or sharing status of individu...
git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...